Password Storage Vulnerability in Fortinet FortiSOAR Platform
CVE-2026-22574

4.1 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 14 April 2026

What is CVE-2026-22574?

A vulnerability in Fortinet FortiSOAR platforms allows authenticated remote attackers to exploit improper password storage mechanisms. Attackers may retrieve service account passwords by manipulating server addresses in the LDAP configuration, which could lead to unauthorized access and compromise sensitive information.

Affected Version(s)

FortiSOAR on-premise 7.6.0 <= 7.6.4

FortiSOAR on-premise 7.5.0 <= 7.5.2

FortiSOAR on-premise 7.4.0 <= 7.4.5

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
